Commit Debian 3.0 (quilt) metadata

[dgit (8.5~bpo9+1) quilt-fixup]

diff --git a/debian/patches/series b/debian/patches/series
index 6b773a675e4a76484e19417d2839e296e44b1d26..053e83730c14111f34b91ac0b39d9931592207a4 100644 (file)
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ Disable_JIT_on_sparc64.patch
 CVE-2017-6004.patch
 upstream-fix-for-cve-2017-7186-upstream-
 patch-from-mariadb-to-fix-stack-frame-si
+upstream-patch-fixing-cve-2020-14155.patch

diff --git a/debian/patches/upstream-patch-fixing-cve-2020-14155.patch b/debian/patches/upstream-patch-fixing-cve-2020-14155.patch
new file mode 100644 (file)
index 0000000..625708d
--- /dev/null
+++ b/debian/patches/upstream-patch-fixing-cve-2020-14155.patch
@@ -0,0 +1,37 @@
+From: Matthew Vernon <matthew@debian.org>
+Date: Thu, 18 Jun 2020 19:32:51 +0100
+X-Dgit-Generated: 2:8.39-13 7b88c83f87391950756256072f886a08c44ed78f
+Subject: upstream patch fixing CVE-2020-14155
+
+This checks the size of the number after (?C as it is read, in order
+to avoid integer overflow.
+
+---
+
+--- pcre3-8.39.orig/pcre_compile.c
++++ pcre3-8.39/pcre_compile.c
+@@ -7086,17 +7086,19 @@ for (;; ptr++)
+           int n = 0;
+           ptr++;
+           while(IS_DIGIT(*ptr))
++            { 
+             n = n * 10 + *ptr++ - CHAR_0;
++            if (n > 255)
++              {
++              *errorcodeptr = ERR38;
++              goto FAILED;
++              }
++            } 
+           if (*ptr != CHAR_RIGHT_PARENTHESIS)
+             {
+             *errorcodeptr = ERR39;
+             goto FAILED;
+             }
+-          if (n > 255)
+-            {
+-            *errorcodeptr = ERR38;
+-            goto FAILED;
+-            }
+           *code++ = n;
+           PUT(code, 0, (int)(ptr - cd->start_pattern + 1)); /* Pattern offset */
+           PUT(code, LINK_SIZE, 0);                          /* Default length */